UPDATE: Perhaps I don’t know my procmail as well as I thought. There was something wrong with this setup and I don’t know what it was. I ended up with major mail loops as sendmail tried to redeliver messages to my local address over and over, which were then forwarded to the unpublished account (which refused it because it was an invalid address!). Any ideas?  For now, I’ve updated this setup to deliver locally–something that’s fairly straightforward to do for most people.

And now, back to our regularly scheduled entry:

I’ve got Spamassassin running against one of my POP3 mail servers via fetchmail.  It cleans the mail, marks spam, junks anything that rates extremely high (I’ve set a score of 15 as “extremely high”), then redelivers it to a non-public filtered email address.  It’s working great so far!  Here’s the description of how I managed to get this working:

For this HOWTO, I’m assuming you have the following packages installed and working:

  • Fetchmail
  • Procmail
  • Spamassassin

First of all, I set Fetchmail up to run against my POP3 server.  This is the easy part:

poll mailserver
 protocol pop3
 user "username"
 password "password"
 mda "procmail ~/.procmailrc-fetchmail -f %F -m"

This file instructs Fetchmail to grab mail from the given account and process it in procmail using the .procmailrc-fetchmail file. I’ve set it up to use .procmailrc-fetchmail so that regular mail delivery to my Unix user won’t get run through the procmail file again, causing a potential mail loop in some cases. While you’re at it, set up hotwayd and get your Hotmail mail cleanly delivered to your main POP3 account.

To start fetchmail, run this command as your user:

fetchmail -d 120

The contents of this procmail configuration file are:

* ^this is the latest version of security update.*
  | formail -I"Subject: [SPAM] Virus 1"

  | formail -I"Subject: [SPAM] Virus 2"

:0fw: spamassassin.lock
* < 256000
| spamc

* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

Note that in this file, I’ve used procmail to filter out a couple of viruses. This is to stem the tide of the latest email viruses being sent around. I was getting more than 100 a day at its peak!

To summarize the procmail file, the steps are:

  1. If the virus matches the first virus’s signature, mark the subject as “Virus 1” using formail.
  2. If the virus matches the second virus’s signature, mark the subject as “Virus 2” using formail.
  3. Filter the message through Spamassassin, but only if its size is less than 256,000 bytes.
  4. Dump any messages with a spam level > 15 into the mail folder “major-spam”. You can use /dev/null here to ensure that it doesn’t get saved anywhere. Any message that matches this test does not get sent on.
  5. Any messages that survived Step 4 will be delivered to the local mailbox.
  6. Extra credit: If you’ve got the University of Washington IMAP packages installed, you can get yourself an SSL-enabled POP3 server to your local machine. Make sure you’ve created (or obtained) a proper certificate for /usr/share/ssl/certs.

The mail feed you get from this filter chain tends to be fairly clean. On most days, 5-10% of spam might make it through. It’s much better than 100% and Mozilla is pretty good at picking out the remainder with its Bayesean Junk Filter.

Read full post